PHP has released a security update stating that the following vulnerabilities have been discovered in PHP ver 7.2.11 & 7.1.23: a) Bug #66828 – (iconv_mime_encode Q-encoding longer than it should be). b) Bug #73457 – (Wrong error message when fopen FTP wrapped fails to open data connection). c) Bug #74454 – (Wrong exception being thrown […]
Google has released a security update stating that the following vulnerabilities have been discovered in Google Chrome: a) Cross-origin URL disclosure in Blink – (CVE-2018-17468). b) Heap buffer overflow in PDFium – (CVE-2018-17469). c) iframe sandbox escape on iOS – (CVE-2018-17472). d) Lack of limits on update() in ServiceWorker – (CVE-2018-5179). e) Memory corruption in […]
Google has released a security update stating that the following vulnerabilities have been discovered in the Android Operating System: a) A denial of service vulnerability in Framework – (CVE-2018-9452). b) Multiple elevation of privilege vulnerabilities in Framework – (CVE-2018-9490, CVE-2018-9492). c) An information disclosure vulnerability in Framework – (CVE-2018-9493). d) A remote code vulnerability in […]
VMWare has released a security update stating that the VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console) contains a SAML authentication bypass vulnerability which can be leveraged during device enrollment. This issue may allow for a malicious actor to impersonate an authorized SAML session if certificate-based authentication is enabled. Further information on this vulnerability […]
Microsoft has released a security update stating that a vulnerability has been discovered in Microsoft Windows JET Database Engine due to an out-of-bounds write error. Successful exploitation of this vulnerability could allow for a remote attacker to execute code in the context of the current process. Further information on this vulnerability and how it can […]
Cisco has released a security update stating that an in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-memory handling by the affected software when specific HTTP requests are processed. An attacker could exploit this […]
PHP has released a security update stating that the following vulnerabilities have been discovered in PHP ver 7.2.10 & Version 7.1.22: a) Bug #55146 – (iconv_mime_decode_headers() skips some headers) b) Bug #60494 – (iconv_mime_decode does ignore special characters) c) Bug #63839 – (iconv_mime_decode_headers function is skipping headers) d) Bug #65988 – (Zlib version check fails […]
Apple has released a security update stating that a vulnerability has been discovered in iOS ver 11.0 and later where an attacker in a privileged network position may be able to intercept analytics data sent to Apple. Further information on this vulnerability and how it can be mitigated can be found on the Apple Website […]
HP has released a security update stating that it has discovered a vulnerability in some versions of its inkjet printers where a maliciously crafted file sent to an affected device can cause a stack or static buffer overflow which could allow remote code execution. Further information on this vulnerability and which inkjet printer versions it […]
Google has released a security update stating that the following issues have been discovered in the Android OS: a) An remote code vulnerability in Android Runtime – (CVE-2018-9466). b) An elevation of privilege vulnerability in Android Runtime – (CVE-2018-9467). c) An information disclosure vulnerability in Framework – (CVE-2018-9468). d) Multiple elevation of privilege vulnerabilities in […]
